Back
LEX.AI

Security

Your contracts deserve the highest protection

At LEX.AI, security isn't an afterthought — it's the foundation of everything we build. We handle sensitive legal documents every day, and we treat that responsibility with the seriousness it deserves.

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your contracts never travel unprotected.

Secure Infrastructure

Our platform runs on SOC 2-compliant cloud infrastructure with redundant backups, DDoS protection, and 99.9% uptime SLA.

Zero Data Selling

We never sell, share, or monetize your contract data. Your documents are yours — period. We only process them to provide the analysis you requested.

Access Control

Role-based access controls ensure only authorized team members can view contracts. All access is logged and auditable.

No AI Training on Your Data

Your contract text is never used to train or fine-tune AI models. Analysis is performed in isolated sessions that are not retained after processing.

Data Deletion on Demand

Delete any contract from your account at any time, and it is permanently removed from our servers. You can also request full account data deletion.

How We Handle Your Contracts

When you upload a contract, it follows a strict security pipeline:

  1. Encrypted Upload — Your file is transmitted over TLS 1.3 and stored in an encrypted storage bucket (AES-256). The file never touches an unencrypted disk.
  2. Text Extraction — We extract the text content from your PDF or DOCX in an isolated processing environment. The original file remains encrypted at rest.
  3. AI Analysis — The extracted text is sent to our AI partner (Anthropic's Claude) via an encrypted API connection. Claude does not store or train on your data — each request is processed in isolation.
  4. Results Storage — The analysis results (risk scores, findings, clause assessments) are stored in your encrypted account database, accessible only to you and your authorized team members.
  5. Your Control — You can delete any contract and its analysis at any time. Deletion is permanent and irreversible.

Infrastructure & Compliance

Cloud ProviderSOC 2 Type II Certified
Data EncryptionAES-256 at rest, TLS 1.3 in transit
DatabaseSupabase (PostgreSQL) with RLS
AI ProviderAnthropic (zero data retention)
AuthenticationSupabase Auth with MFA support
Uptime SLA99.9% availability guarantee
BackupsAutomated daily, 30-day retention
DDoS ProtectionEdge-level mitigation

Team & Organization Security

For teams using LEX.AI, we provide additional layers of security:

  • Role-Based Access — Assign admin, member, or viewer roles. Each role has specific permissions for uploading, analyzing, and managing contracts.
  • Organization Isolation — Each organization's data is completely isolated. Contracts uploaded by one organization are never visible to another.
  • Audit Trail — All contract uploads, analyses, and team actions are logged for compliance and accountability.
  • SSO/SAML — Business and Enterprise plans support single sign-on integration with your identity provider.

Incident Response & Transparency

In the unlikely event of a security incident, we are committed to transparency and rapid response:

  • Immediate Investigation — Our security team investigates any anomaly within minutes, not hours.
  • User Notification — Affected users are notified within 72 hours with clear, honest communication about the scope and impact.
  • Post-Incident Report — We publish a detailed post-mortem with root cause analysis and preventive measures.

Our Security Commitments

  • We will never sell, rent, or monetize your contract data.
  • We will never use your data to train AI models.
  • We will always encrypt your data in transit and at rest.
  • We will always give you full control to delete your data.
  • We will always be transparent about how we handle your information.
  • We will promptly notify you if a security incident affects your data.

Questions or Concerns?

If you have any security-related questions, found a vulnerability, or need a security assessment for your organization, please contact our security team at support@lexaicorp.com.

For general inquiries, see our Terms of Service and Privacy Policy.

© 2026 LEX.AI. All rights reserved.